Signature vs. PIN, Post-Durbin

By Andrew Deichler

Published: 2011-07-21

Signature-based debit transactions carried higher
interchange rates than PIN debit transactions for many years. The Durbin
Amendment will finally balance those fees, but with this change comes a debate over
the future of these two types of transactions.

In a panel discussion at the AFP Retail Roundtable in May, Steve
Mott, CEO of BetterBuyDesign, explained that signature debit transactions do
not exist in many countries outside the U.S., other than France, the U.K. and
some Asian countries. It has not really caught on elsewhere because most
consumers view debit transactions as using “their” money, which they are
putting into the bank for “safe-keeping,” Mott said.

The Federal Reserve issued its final rule on debit interchange
fees on June 29, setting signature and PIN at 21 cents per transaction. Banks
also are allowed to charge slightly more if they take steps to avoid fraud. The
new rule goes into effect on October 1.

Some industry experts now expect financial institutions to
begin pushing their PIN-based product, which currently carries fees of about 10
cents per transaction. However, this is not a viable option for Visa and some
of the larger financial institutions, Mott told Payments in an exclusive interview. “I think they would prefer to
figure out how they can get around the intent of whatever the regulations turn
out to be to promote the golden goose of signature debit as long as they
possibly can, at least in the United States. And I think Visa’s long-term
strategy is to kill PIN, because it takes almost all of the possible fraud and
problems out of the system. And that’s not good for the payments industry
because they make all of their money on inefficiencies in the payments system.”

Security

Signature debit carries a high potential for fraud, noted
one retailer at the session. Panelist Pat Moran, Senior Vice President, Product
Management of Fifth Third Processing Solutions, said that amount of fraud on signature
debit is actually very low, “in the three basis point range, on volume.”
However, Moran admitted that there is next to no fraud with PIN debit.
Moreover, session moderator David Bellinger, CTP, Director of Payments at AFP, added
that the Fed found loss rates for signature to be “tremendously higher” than
any fraud discovered with PIN.

Bellinger asked the crowd whether or not refusing signature
debit is a legitimate option, and they universally agreed that it is not. “It’s
possible to say that you can stop taking signature debit, but when you are a
merchant that has been in business for a number of years, and your customers
are conditioned to coming in—you face a real loss of revenue,” said one
corporate in attendance.

One corporate asked why the banks continue to push an
inferior product. “As a consumer, I feel much more secure using PIN debit
because only I know my PIN,” he said.

Moran agreed that PIN is much more secure than signature.
But to reach a more secure solution, the costs are high, he said. “Ninety percent
of our merchant customers don’t take PIN today,” he said.

There are other significant incentives for card issuers to
push signature transactions. “The issuer may get their interchange regardless
of whether it’s PIN or signature, but for Visa and MasterCard, there’s a little
add-on beyond interchange that they risk losing,” said one retailer.

Mott cited this is as another reason why Visa is trying to expunge
PIN, which it views as a static authenticator, and move to dynamic
authentication, EMV (Europay, MasterCard and Visa) chip and PIN—with a slight
alteration.

“They don’t want to
tie the transaction to the consumer, which is why the fraud and the chargeback
and charge-off rates are so low for PIN,” said Mott. “But they also don’t
actually encrypt the information on the account credential that’s in the card
with the chip on it. They leave the PAN (Primary Account Number) and the
expiration date in the clear. They encrypt the CVD (Card Verification Data)
code, a small piece of data that provides a unique transaction ID, and that
goes with the PAN and expiry date all the way through the system and back to
the merchant.

“The problem with that solution is that doesn’t relieve the
merchant from PCI compliance. You still have the PAN and expiry date. Not only
that, but I can shop on dozens of online sites with just the PAN and expiry
date, because they don’t look for the CVD. So Visa, in my view, is playing
three-card Monte with payments security. If you take the PIN out and leave the
PAN and expiry date in the clear, the merchants don’t really benefit
fundamentally from the shift to EMV.”